feat: enable session authentication and support cross-origin credentials

- Added SessionAuthentication alongside JWTAuthentication to support session-based features
- Set CORS_ALLOW_CREDENTIALS = True to allow cookies in cross-origin requests (needed for session handling)

Author: Yosef-AlSabbah

ecommerce_api/settings/base.py

@@ -1,15 +1,3 @@
-"""
-Django settings for ecommerce_api project.
-
-Generated by 'django-admin startproject' using Django 5.2.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/5.2/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/5.2/ref/settings/
-"""
-
 from datetime import timedelta
 from pathlib import Path
 
@@ -31,6 +19,8 @@
 ALLOWED_HOSTS = []
 
 CORS_ALLOW_ALL_ORIGINS = True
+CORS_ALLOW_CREDENTIALS = True
+
 # Application definition
 #      ╭──────────────────────────────────────────────────────────╮
 #      │                Application Configuration                 │
@@ -180,7 +170,7 @@
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'rest_framework_simplejwt.authentication.JWTAuthentication',
-        # 'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
     ),
     'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
     'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend'],
@@ -400,7 +390,7 @@
             'type': 'apiKey',
             'name': 'Authorization',
             'in': 'header',
-            'description': "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
+            'description': "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}",
         }
     },
     'USE_SESSION_AUTH': False,